Written by Marc Grote www.it-training-grote.de
Microsoft Exchange 2003 Domain Rename
Rename a Windows 2003 Forest with Exchange 2003 installed
Abstract
In this article I will give you a step-by-step solution for renaming a Windows 2003 domain with
Exchange 2003 installed. This article will not explain every step of a domain rename. This
is documented in the Step-by-Step Guide to Implementing Domain Rename. You will find the
link at the end of this article.
The Windows Server 2003 Active Directory Domain Rename Tool provides a supported
methodology to rename one or more domains in an Active Directory forest. The DNS name and
the NetBIOS name of a domain can be changed using the domain rename procedure.
Note that implementing domain rename is a complex undertaking that requires thorough planning
and a good understanding of the domain rename procedure.
Let's begin
Before we discuss the necessary steps for domain rename, you must ensure that you have
a functioning and current backup of your Active Directory infrastructure and Exchange and that
you have a tested recovery plan in mind if domain rename fails.
In our example we have a Windows 2003 domain named msexchange.org. Msexchange.org has
the Windows Server 2003 forest functional level with Exchange 2003 SP1 installed. Due to a
merger we would like to rename the domain to Msexchange.com.
There are several reasons why a domain rename is necessary. Some examples:
• Fear of making irreversible decisions about domain names and forest structure
• Delay any deployment while striving for perfect forest structure and domain names
• Changes in geography
• DNS structure change
• Unforeseen business dynamics necessitating domain name changes
• Company merger or acquisition
• Business unit reorganization
Supported Operations
Limitations
No good product without limitations and drawbacks. It is not possible to do all renaming
operations with RENDOM. The following limitations exist:
Rendom.exe is the command-line utility for renaming domains in Windows Server 2003 forests.
Rendom is used to carry out the multiple steps in the domain rename procedure. You precede the
domain rename process by using Rendom to prepare a list of domains in the forest. You begin
the domain rename process by using Rendom to generate a script (Forest description file) that
contains the instructions for renaming domains in the forest. You use Rendom again to verify that
all DCs are adequately prepared (RENDOM /PREPARE) to make the necessary updates to
rename the domains. Finally, you use Rendom to execute (RENDOM /EXECUTE) the actual
domain rename instructions on every DC. Following the domain rename procedure, you use
Rendom to remove all metadata written to the directory by the domain rename operation.
Attention:
The RENDOM.EXE tool from the web doesn't work with Exchange installed. Use the version
from the Windows 2003 CD. An updated version of RENDOM.EXE is expected in the future.
• RENDOM.EXE
• GPFIXUP.EXE
Rendom has several command line switches:
As a result of the first command (RENDOM /LIST) you issue to begin the domain rename process,
Rendom creates an XML file called the state file, which contains the list of all DCs in the forest.
As DCs progress through the various steps in the procedure, Rendom updates the state file to
track the state of each DC relative to the completion of the domain rename process.
As you perform each step in the domain rename operation, Rendom automatically updates the
state file. By monitoring the states of completion of each DC in the state file, you receive the
information you need to issue the next Rendom command in the sequence. You can edit the state
file to temporarily exclude some DCs from the domain rename procedure.
The RENDOM /LIST command generates the current forest description and writes it to an output
file (DOMAINLIST.XML) using an XML-encoded structure. This file contains a list of all domains
and application directory partitions in the forest, along with the corresponding DNS and NetBIOS
names.
Each domain and application directory partition is also identified by a globally unique identifier
(GUID), which does not change with domain rename. To simplify specifying the new forest
structure, Rendom gathers and compiles the current forest structure automatically such that the
new forest structure can be overlaid on top of it.
Figure 4: DOMAINLIST.XML Forest description file
Simply replace the old ForestDNSZones and DomainDNSZones names with the new domain
name. You can (but need not) change the NetBIOSName. For large organizations I recommend
using the search and replace function of your editor.
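A search and replace over a large forest description can miss an entry or touch a GUID, so it is worth comparing the edited file against the saved original before RENDOM /UPLOAD. The following check is an added example, not part of the original article or of the Microsoft tools; the element names (Forest, Domain, Guid, DNSname) are an assumed layout of the RENDOM /LIST output, and the GUIDs are constructed sample values.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the assumed RENDOM /LIST layout (element names are an assumption).
ENTRY = "<Domain><Guid>{}</Guid><DNSname>{}</DNSname><NetBiosName>{}</NetBiosName></Domain>"

def forest(*rows):
    return "<Forest>" + "".join(ENTRY.format(*r) for r in rows) + "</Forest>"

SAVED = forest(("11111111-aaaa-4000-8000-000000000001", "DomainDnsZones.msexchange.org", ""),
               ("11111111-aaaa-4000-8000-000000000002", "ForestDnsZones.msexchange.org", ""),
               ("11111111-aaaa-4000-8000-000000000003", "msexchange.org", "MSEXCHANGE"))
# Edited copy in which one application partition was missed by search and replace.
EDITED = forest(("11111111-aaaa-4000-8000-000000000001", "DomainDnsZones.msexchange.com", ""),
                ("11111111-aaaa-4000-8000-000000000002", "ForestDnsZones.msexchange.org", ""),
                ("11111111-aaaa-4000-8000-000000000003", "msexchange.com", "MSEXCHANGE"))

def load_forest(xml_text):
    """Map GUID -> lower-cased DNS name for every <Domain> entry."""
    entries = {}
    for dom in ET.fromstring(xml_text).iter("Domain"):
        guid = (dom.findtext("Guid") or "").strip().lower()
        entries[guid] = (dom.findtext("DNSname") or "").strip().lower()
    return entries

def is_under(dns, suffix):
    """True for the suffix itself or a name below it (label boundary respected)."""
    return dns == suffix or dns.endswith("." + suffix)

def check_rename(saved_xml, edited_xml, old_suffix, new_suffix):
    """Return the problems found in the edited forest description."""
    old, new = load_forest(saved_xml), load_forest(edited_xml)
    old_suffix, new_suffix = old_suffix.lower(), new_suffix.lower()
    problems = []
    # GUIDs identify the partitions and must survive the edit untouched.
    for guid in sorted(set(old) ^ set(new)):
        problems.append(f"GUID added or removed: {guid}")
    for guid in sorted(set(old) & set(new)):
        before, after = old[guid], new[guid]
        if is_under(before, old_suffix):
            expected = before[: len(before) - len(old_suffix)] + new_suffix
        else:
            expected = before  # partition outside the renamed namespace
        if after != expected:
            problems.append(f"{guid}: expected {expected}, found {after}")
    return problems

if __name__ == "__main__":
    for problem in check_rename(SAVED, EDITED, "msexchange.org", "msexchange.com"):
        print(problem)
```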
GPFIXUP
When the DNS name of a domain changes, any references to Group Policy Objects (GPOs)
within the renamed domain through Group Policy links (the gpLink attribute) on sites, domains,
and organizational units are rendered invalid because they are based on the old domain name.
Furthermore, the optional attribute gpcFileSysPath on a GPO that holds a uniform naming
convention (UNC) path to a Group Policy templates folder located in the sysvol volume of the
renamed domain will also be rendered invalid because the path uses the old domain DNS name.
To correct the severed Group Policy links and the invalid UNC paths in GPOs within the renamed
domain, you can use the Group Policy fix-up tool gpfixup.exe to refresh the Group Policy links
and the UNC paths in GPOs based on the new domain name.
The Group Policy fix-up tool should be run once for every renamed domain soon after the actual
domain rename operation has been completed and before another domain rename operation is
performed.
The fix-up tool gpfixup refreshes all intradomain GPO references/links (that is, where the link and
the target GPO are within the same domain) in the renamed domain. However, cross-domain
references to GPOs in the renamed domain, where the link is in a different domain from the
domain containing the GPO, will not be automatically rebuilt by this tool. For them to work, these
cross-domain links will need to be repaired manually by deleting the old Group Policy links and
re-establishing new links.
Figure 5: GPFIXUP command line switches
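To verify the result after gpfixup has run, an LDIF export of the directory can be scanned for gpLink and gpcFileSysPath values that still name the old domain, separating the intradomain cases from the cross-domain links that have to be rebuilt by hand. This is an added example, not part of the original article or of gpfixup; the LDIF records are constructed, and partner.example is a hypothetical second domain.

```python
import base64
import re

def dns_to_dn(dns):
    """msexchange.org -> dc=msexchange,dc=org (lower case, for comparison)."""
    return ",".join("dc=" + label for label in dns.lower().split("."))

def parse_ldif(text):
    """Yield (dn, {attr: [values]}) per record; handles folded and base64 lines."""
    unfolded = re.sub(r"\r?\n ", "", text)  # a leading space continues a line
    for block in re.split(r"\r?\n\s*\r?\n", unfolded.strip()):
        attrs = {}
        for line in block.splitlines():
            m = re.match(r"([\w;-]+)(::?) ?(.*)", line)
            if m:
                raw = m.group(3)
                val = base64.b64decode(raw).decode("utf-8") if m.group(2) == "::" else raw
                attrs.setdefault(m.group(1).lower(), []).append(val)
        if "dn" in attrs:
            yield attrs["dn"][0], attrs

def stale_gpo_refs(ldif_text, old_dns, new_dns):
    """List (dn, attribute, fix) for values that still name the old domain."""
    old_dn, new_dn = dns_to_dn(old_dns), dns_to_dn(new_dns)
    old_unc = "\\\\" + old_dns.lower() + "\\"
    found = []
    for dn, attrs in parse_ldif(ldif_text):
        for link in attrs.get("gplink", []):
            if old_dn + ";" in link.lower():
                # gpfixup only rebuilds links held inside the renamed domain
                local = dn.lower().endswith(new_dn)
                found.append((dn, "gPLink", "gpfixup" if local else "manual relink"))
        for path in attrs.get("gpcfilesyspath", []):
            if path.lower().startswith(old_unc):
                found.append((dn, "gPCFileSysPath", "gpfixup"))
    return found

# Constructed LDIF export; partner.example is a hypothetical second domain.
GPO = "{AAAAAAAA-0000-4000-8000-000000000001}"
LINK = "[LDAP://cn=" + GPO + ",cn=policies,cn=system,DC=msexchange,DC=org;0]"
SAMPLE = "\n".join([
    "dn: OU=Mail,DC=msexchange,DC=com", "gPLink: " + LINK[:60], " " + LINK[60:], "",
    "dn: OU=Branch,DC=partner,DC=example", "gPLink: " + LINK, "",
    "dn: CN=" + GPO + ",CN=Policies,CN=System,DC=msexchange,DC=com",
    "gPCFileSysPath:: " + base64.b64encode(
        ("\\\\msexchange.org\\sysvol\\msexchange.org\\Policies\\" + GPO).encode()).decode(),
])
```

Calling stale_gpo_refs(SAMPLE, "msexchange.org", "msexchange.com") reports the folded link on OU=Mail and the base64-encoded path as gpfixup cases and the link held in partner.example as a manual relink.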
Preparatory Steps
It is not possible to explain every preparatory step. For a detailed description see the domain
rename white paper.
WARNING:
Rendom.exe tool versions before version 1.2 did not detect Exchange 2000 and incorrectly
permitted domain rename operations. The current version when I wrote this article was version 1.3.
The RENDOM.EXE tool from the web doesn't work with Exchange installed. Use the version
from the Windows 2003 CD. An updated version of RENDOM.EXE is expected in the future.
Procedures of the Original Windows Server 2003 domain rename tool
Step                               Description
Step 1                             Back up all domain controllers
Step 2                             Set up the control station
Step 3                             Generate the current forest description (rendom /list)
Step 4                             Specify the new forest description
Step 5                             Generate domain rename instructions (rendom /upload)
Step 6                             Push domain rename instructions to all domain controllers and verify DNS
Step 7                             Verify readiness of domain controllers (rendom /prepare)
Step 8                             Execute domain rename instructions (rendom /execute)
Step 9                             Unfreeze the forest configuration
Step 10                            Re-establish external trusts
Step 11                            Fix Distributed file system (Dfs) topology
Step 12                            Fix group policy objects and links (gpfixup.exe)
After the domain rename procedure  Verify certificate security after domain rename
                                   Miscellaneous tasks
                                   Back up domain controllers
                                   Restart member computers
                                   New: Verify the Exchange rename
                                   New: If applicable, update Active Directory Connector (ADC)
                                   Attribute clean up after domain rename
                                   Rename domain controllers (optional)
                                   New: Domain Controller Rename Follow-Up Steps
Source: Exchange Domain Rename Fix-up.doc with a few modifications
Important: To use this step by step Guide to rename Windows 2003 domains with Exchange 2003
installed, see the step by step guide later in this article.
RENDOM steps
Legacy Clients
If your environment consists of NT4 Clients, you have to unjoin and rejoin every client from the
domain because it is not possible with NT4 to automatically reflect the renamed domain.
Language Support
The domain rename tools can be used on all language versions of Windows Server 2003. There
are no language-specific versions of the tools.
XDR-fixup
Exchange Domain Rename Fix-Up (XDR-fixup.exe) fixes Exchange attributes after you rename a
domain that contains Exchange 2003 servers. XDR-fixup is available as part of the Exchange
2003 Web Tools as a separate Download. Point your browser to
http://www.microsoft.com/exchange/downloads/2003.asp.
XDR-fixup is not a replacement of the Windows 2003 domain rename tools. The Windows Server
2003 domain rename tools were originally designed for renaming domains in Microsoft Active
Directory directory service forests that do NOT contain Exchange 2000 or Exchange 5.5 servers.
This limitation existed because renaming a domain affects several Exchange attributes, and there
was no method for fixing these attributes. Microsoft Exchange Server 2003, however, is
compatible with the Exchange Domain Rename Fix-Up tool (XDR-fixup.exe), which fixes
Exchange attributes after a domain rename.
Domain rename is not supported in forests that contain Exchange 2000 or Exchange 5.5.
The installation of XDR-fixup is simple. Just double-click the installation file and follow the
instructions:
Running the XDR-fixup tool is an additional step required for doing a domain rename operation.
XDR-fixup modifies Exchange Active Directory attributes to reflect the new domain name.
The XDR-fixup tool does not replace the Windows Server 2003 domain rename tools, nor does it
extend the functionality of the domain rename tools. You must run XDR-fixup.exe every time you
run RENDOM /EXECUTE.
Domain rename doesn't change any e-mail domain in Exchange and doesn't change any recipient
policy. You must change your recipient policy after domain rename.
You cannot rename the Exchange Organization with the domain rename tool.
It is not possible with domain rename to merge two Exchange organizations into a single
Exchange organization.
Prerequisites
XDR-fixup integrates into the normal Windows 2003 domain rename steps with three additional
steps:
Step                               Description
Step 0                             Preliminary Steps:
                                   Move Exchange off of domain controllers
                                   Discontinue Exchange Configuration Changes
Step 1                             Back up all domain controllers
Step 2                             Set up the control station
Step 3                             Generate the current forest description (rendom /list)
Step 4                             Specify the new forest description (save the original XML file as domainlist-save.xml)
Step 5                             Generate domain rename instructions (rendom /upload)
Step 6                             Push domain rename instructions to all domain controllers and verify DNS
                                   Create new DNS zones and settings with secure dynamic DNS updates
Step 7                             Verify readiness of domain controllers (rendom /prepare)
Step 8                             Execute domain rename instructions (rendom /execute) DC REBOOTS
-- New --                          Update the Exchange configuration (run XDR-fixup)
-- New --                          Restart all Exchange servers and Exchange System Manager clients twice
Step 9                             Unfreeze the forest configuration
Step 10                            Re-establish external trusts
Step 11                            Fix Distributed file system (Dfs) topology
Step 12                            Fix group policy objects and links (gpfixup.exe)
After the domain rename procedure  Verify certificate security after domain rename
                                   Miscellaneous tasks
                                   Back up domain controllers
                                   Restart member computers
                                   New: Verify the Exchange rename
                                   New: If applicable, update Active Directory Connector (ADC)
                                   Attribute clean up after domain rename
                                   Rename domain controllers (optional)
                                   New: Domain Controller Rename Follow-Up Steps
Source: Exchange Domain Rename Fix-up.doc with a few modifications
It is not possible to explain every step in detail in this article. I will write a few lines about some
of the steps. For detailed information see the corresponding white paper.
To run the XDR-fixup tool (between Steps 8 and 9 of the domain rename procedure),
perform the following steps:
Figure 9: XDR-fixup
Attention: Be sure that you specify the right credentials in the XDR-FIXUP command because the
NETBIOS domain name might be changed. You can also specify the credentials in UPN format
(username@domain.tld).
After the XDR-fixup command has run, log off the control station computer and immediately
log on again.
Run the following command: LDIFDE -i -f CHANGESCRIPT.LDF
Restart ALL Exchange Servers
Verify successful Exchange Rename
Update Active Directory Connectors when you use the ADC for interorganizational restructuring
(Please keep in mind that XDR-Fixup is not supported for Exchange 2000 / 5.5 so when you
use ADC for Exchange 5.5 migrations).
You have successfully renamed Windows 2003 and patched Exchange 2003. This article ends
here. In a real life environment you have to fix a lot more components like
Conclusion
As you can see in this article it is not so easy to do a domain rename with Windows 2003 and
Exchange 2003.
Note that implementing domain rename is a complex process that requires thorough planning and
a good understanding of the domain rename procedure.
I have tested domain rename only in a Lab environment and I cannot recommend doing a domain
rename in a production environment.
Related Links